Skip to content

The IBM z/VM TCP/IP configuration must include an SSLSERVERID statement.

An XCCDF Rule

Description

<VulnDiscussion>The Secure Socket Layer (SSL) server, provides processing support for secure (encrypted) communication between remote clients and z/VM TCP/IP application servers that are configured for secure communications The TCP/IP (stack) server routes requests for secure connections to an SSL server, which interacts with a client on behalf of an application server to perform handshake operations and the exchange of cryptographic parameters for a secure session. The SSL server then manages the encryption and decryption of data for an established, secure session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000250-GPOS-00093, SRG-OS-000424-GPOS-00188, SRG-OS-000426-GPOS-00190, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPOS-00174, SRG-OS-000423-GPOS-00187</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-237906r858945_rule
Severity
Medium
Updated



Remediation - Manual Procedure

Configure the "SSLSERVERID" statement to force auto logging of an SSL server before all other servers in the "AUTOLOG" list.